A proposed security management framework for the global information community

Abstract

A proposal is made for the definition, functions, architecture, and components of security management. The proposal addresses the need for security management from the perspectives of the security administrator, the security architect, and the product vendor. The emphasis is on the protection of information rather than the protection of systems. Fundamental concepts are offered for the security management of globally distributed systems that support multiple security policies. The relationships between security management, system management, communications network management, and security infrastructure management are explained.